akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
2,195 Commits 11 Branches 107 Tags
7d3652d2dec78b6e77d6573550837f6118e860c3
Commit Graph

4 Commits

Author SHA1 Message Date
GitHub Actions
f64e3feef8 chore: clean .gitignore cache 2026-01-26 19:22:05 +00:00
GitHub Actions
e5f0fec5db chore: clean .gitignore cache 2026-01-26 19:21:33 +00:00
GitHub Actions
4adcd9eda1 feat: add nightly branch workflow 2026-01-13 22:11:35 +00:00
GitHub Actions
739895d81e fix(security): resolve CrowdSec startup and permission issues 
Fixes CrowdSec not starting automatically on container boot and LAPI
binding failures due to permission issues.

Changes:
- Fix Dockerfile: Add charon:charon ownership for CrowdSec directories
- Move reconciliation from routes.go goroutine to main.go initialization
- Add mutex protection to prevent concurrent reconciliation
- Increase LAPI startup timeout from 30s to 60s
- Add config validation in entrypoint script

Testing:
- Backend coverage: 85.4% ( meets requirement)
- Frontend coverage: 87.01% ( exceeds requirement)
- Security: 0 Critical/High vulnerabilities ( Trivy + Go scans)
- All CrowdSec-specific tests passing ( 100%)

Technical Details:
- Reconciliation now runs synchronously during app initialization
  (after DB migrations, before HTTP server starts)
- Maintains "GUI-controlled" design philosophy per entrypoint docs
- Follows principle of least privilege (charon user, not root)
- No breaking changes to API or behavior

Documentation:
- Implementation guide: docs/implementation/crowdsec_startup_fix_COMPLETE.md
- Migration guide: docs/implementation/crowdsec_startup_fix_MIGRATION.md
- QA report: docs/reports/qa_report_crowdsec_startup_fix.md

Related: #crowdsec-startup-timeout
 2025-12-23 01:59:21 +00:00